Important

You are browsing upcoming documentation for version 6.0 of OroCommerce, OroCRM, and OroPlatform, scheduled for release in 2024. Read version 5.1 (the latest LTS version) of the Oro documentation to get up-to-date information.

See our Release Process documentation for more information on the currently supported and upcoming releases.

Configurable Permissions 

Users can manage the visibility of role permissions on the View and Edit Role pages.

Model 

ConfigurablePermission is a model that contains all data of the Configurable Permission. It has three public methods to check if permission or a capability is configurable for this ConfigurablePermission:

  • isEntityPermissionConfigurable($entityClass, $permission) - checks that permission $permission is configurable for entity class $entityClass;

  • isWorkflowPermissionConfigurable($identity, $permission) - checks that permission $permission is configurable for workflow part with identity $identity;

  • isCapabilityConfigurable($capability) - checks that capability is configurable.

Configuration 

All Configurable Permissions are described in the configuration file configurable_permissions.yml of the corresponding bundle.

It has four main options:

  • default (bool, by default = false) - all permissions for the Configurable Name configurable by default;

  • entities (array|bool) - the list of entity classes with permissions. If a value is boolean, it will be applied to all permissions for this entity class;

  • capabilities (array) - the list of capabilities;

  • workflows (array|bool) - the list of workflow permissions identities with permissions. If a value is boolean, it will be applied to all permissions for this identity.

An example of a simple configurable permission configuration:

src/Acme/Bundle/DemoBundle/Resources/config/oro/configurable_permissions.yml 
oro_configurable_permissions:
    acme_favorite_permission:                                       # configurable permission name, will be used by filter
        default: true                                               # is all permissions for this `some_name` configurable by default
        entities:
            Acme\Bundle\DemoBundle\Entity\Favorite:                 # entity class
                VIEW: false                                         # deny permission `VIEW` for entity Favorites
                CREATE: true                                        # show permission `CREATE` for entity Favorites
                EDIT: true                                          # show permission `EDIT` for entity Favorites
        capabilities:
            oro_acme_some_capability: false                         # hide capability `oro_acme_some_capability` for `some_name`
        workflows:
            workflow1:
                PERFORM_TRANSIT: false                              # hide permission `PERFORM_TRANSIT` for workflow `workflow1`

Configuration Merging 

All configurations merge in the boot bundles order. The application collects configurations of all configurable permissions with the same name and merges them into one configuration.

Merging uses simple rules:

  • if the node value is scalar, the value will be replaced

  • if the node value is an array, this array will be complemented by the values from the second configuration

After this step, the application knows about all permissions and has only one configuration for each permission.